GitHub deprecates account passwords for authenticating Git operations

CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Content source
https://www.bleepingcomputer.com/news/security/github-deprecates-account-passwords-for-authenticating-git-operations/
GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.

This change was first announced last year, in July, when GitHub said that authenticated Git operations would require using an SSH key or token-based authentication.

GitHub also deprecated password-based authentication for authenticating via the REST API beginning with November 13, 2020.

"Starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on GitHub.com," the company said.

"Instead, token-based authentication (for example, personal access, OAuth, SSH Key, or GitHub App installation token) will be required for all authenticated Git operations."

If you're still using a username and password to authenticate Git operations, you should take the following steps to avoid disruption when the new requirements are enacted tomorrow:
Click to expand...
www.bleepingcomputer.com

GitHub deprecates account passwords for authenticating Git operations

GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Applause
Reactions: Nevi, SeriousHoax, silversurfer and 1 other person
CyberTech

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
GitHub is urging its base of users to enable two-factor authentication as the platform shakes up how it protects accounts from compromise.

In a blog post this week, Github's Mike Hanley explained that beginning on August 13, GitHub stopped accepting account passwords when authenticating Git operations. The platform now requires people to use stronger authentication factors like personal access tokens, SSH keys, or OAuth or GitHub App installation tokens for all authenticated Git operations on GitHub.com.

Hanley added that in addition to ditching passwords, GitHub has taken other measures like investing in verified devices, preventing the use of compromised passwords, supporting WebAuthn and more. GitHub announced the move in December.

"If you have not done so already, please take this moment to enable 2FA for your GitHub account. The benefits of multifactor authentication are widely documented and protect against a wide range of attacks, such as phishing," Hanley said.
Click to expand...
www.zdnet.com

GitHub pushes users to enable 2FA following end of password authentication for Git operations

GitHub said on August 13 it will no longer accept account passwords when authenticating Git operations.
www.zdnet.com www.zdnet.com
 
  • Like
Reactions: Gandalf_The_Grey, [correlate], silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
GitHub goes passwordless with Passkey now available for everyone
Replies
0
Views
573
News Archive
CyberTech
CyberTech
CyberPanther
    • Like
    • Hundred Points
    • Thanks
Technology Google streamlines 2-Step Verification setup, boosts account security options
Replies
0
Views
318
Technology News
CyberPanther
CyberPanther
V
    • Like
Microsoft introduces passkeys for consumer accounts
Replies
0
Views
127
Microsoft Defender
Vasu Jakkal and Joy Chik
V

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top